会话空后退按钮浏览器缓存 [英] session empty back button browser cache
问题描述
我知道这是一个常见问题,但似乎无法解决这个问题。
用户登录并会话并添加了变量。 / p>
然后用户注销并运行php脚本,并破坏会话。
我打印出退出后在index.php页面上的会话,并且为空。
但是如果用户按回车键,用户仍然可以看到登录页面?
我正在使用以下代码破坏会话:
session_start();
session_unset();
session_destroy();
session_write_close();
setcookie(session_name(),’,, 0,’/’);
session_regenerate_id(true);
unset($ _ SESSION [ username]);
header( Location:index.php);
使用它来测试会话是否在index.php页面上被破坏了:
print_r( session。$ _ SESSION);
每个页面还具有防止缓存的代码:
标头(到期日:1997年7月26日星期一,格林尼治标准时间05:00:00 GMT); //过去
标头中的日期(上次修改时间:。gmdate( D,d M Y H:i:s)。 GMT);
标头(缓存控制:无缓存,必须重新验证); // HTTP / 1.1
标头( Pragma:no-cache);
<元http-equiv = expires content =星期三,2009年7月1日格林尼治标准时间 />
<元http-equiv = cache-control content = no-cache />
<元http-equiv = pragma content = no-cache />
我可以成功地阻止用户输入网址并使用代码访问安全页面下面:
if(!isset($ _ SESSION ['user']))
{
echo 这里没有会议;
session_start();
session_unset();
session_destroy();
session_write_close();
setcookie(session_name(),’,, 0,’/’);
session_regenerate_id(true);
$ _SESSION [’username’] =‘’;
header( Location:index.php);
die( Redirecting to:index.php);
}
会话必须非常开始脚本的第一行
<?php session_start();
if(!isset($ _ SESSION [’user’]))
{
echo‘no session in here’;
session_unset();
session_destroy();
session_write_close();
setcookie(session_name(),’,, 0,’/’);
session_regenerate_id(true);
$ _SESSION [’username’] =‘’;
header( Location:index.php);
die( Redirecting to:index.php);
}
I know this is a common question but can't seem to get this to work.
A user logs in and a session and a variable is added.
Then the user logs out and a php script is run and the session is destroyed.
I print out the session on the index.php page after logout and it is empty.
But the user can still see the login page if they press back???
I am using the following code to destroy the session:
session_start();
session_unset();
session_destroy();
session_write_close();
setcookie(session_name(),'',0,'/');
session_regenerate_id(true);
unset($_SESSION["username"]);
header("Location: index.php");
using this to test if the session has been destroyed on the index.php page:
print_r("session".$_SESSION);
Each page also has this code to prevent caching:
header ("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header ("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header ("Pragma: no-cache");
<meta http-equiv="expires" content="WED, 01 JUL 2009 05:00:00 GMT" />
<meta http-equiv="cache-control" content="no-cache" />
<meta http-equiv="pragma" content="no-cache" />
I can successfully prevent the user from typing in the web address url and accessing the secure pages using the code below:
if(!isset($_SESSION['user']))
{
echo 'no session in here';
session_start();
session_unset();
session_destroy();
session_write_close();
setcookie(session_name(),'',0,'/');
session_regenerate_id(true);
$_SESSION['username'] = '';
header("Location: index.php");
die("Redirecting to: index.php");
}
session has to be start very first line of script
<?php session_start();
if(!isset($_SESSION['user']))
{
echo 'no session in here';
session_unset();
session_destroy();
session_write_close();
setcookie(session_name(),'',0,'/');
session_regenerate_id(true);
$_SESSION['username'] = '';
header("Location: index.php");
die("Redirecting to: index.php");
}
这篇关于会话空后退按钮浏览器缓存的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!